Method and system for screening remote site connections and filtering data based on a community trust assessment

ABSTRACT

Remote site connections are screened based on assesments performed by members of a trust community. Data based on a plurality of-end user assesments of particular remote sites are recieved at a server from a plurality of end-users. Each end-user is associated with a specific client machine which is in communication with the server. The server generates assesment scores based on the data. The server transmits the assesment scores to the client machines. The client machine selectively takes protective action against ones of the particular remote sites that have an undesireable assesment score generated by the server.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims the benefit of U.S. Provisional Application No. 60/360,081, filed Feb. 25, 2002, entitled “Method and System for Screening Remote Site Connections and Filtering Data Based on a Community Trust Assessment,” which is incorporated herein by reference in its entirety.

BACKGROUND OF THE INVENTION

[0002] The interactive nature of the World Wide Web has proved to be a powerful marketing tool, allowing businesses and consumers to communicate on a one-to-one basis. As the Internet continues to be embraced by marketers worldwide, it is within reason to expect those marketers to exercise due diligence in limiting youth exposure to certain web-based content. Controlling access to websites inappropriate to younger users is key for age-sensitive marketers. Furthermore, without any type of protection, Internet users of any age are subject to receiving unsolicited emails and cookie files from untrustworthy websites.

[0003] Several inexpensive and easy to install software programs exist that filter out content that end-users deem to be inappropriate. Brand names, including Cyber Patrol®, Cybersitter®, Cyber Snoop®, SuperScout, SurfControl®, Net Nanny® and Surf-Watch®, have been developed and are on the market for the purpose of screening access to certain remote sites. Furthermore, most major online services offer blocking features as part of their regular menu of options (e.g., AOL Parental Controls).

[0004] A cookie file (also know simply as a “cookie”) is a tool used on the web to facilitate and interpret this one-to-one interaction. Cookie files offer businesses the potential for more effective direct marketing of goods, services and information. For many e-businesses that operate over the Internet, cookie files are considered to be vital to the future success of on-line advertising and thus the generation of future business. Internet Explorer and Netscape allow a computer user to set the computer's browser such that all received cookie files are either automatically accepted (enabled) or rejected (disabled). In another user selectable browser mode, the computer user is prompted for a decision every time an individual cookie file is received.

[0005] What is needed is a method and system for screening remote site connections and filtering data (e.g., cookie files) based on a trust assessment performed by a community of collaborating end-users, rather than a rigid criteria established by a single end-user having only a limited knowledge of the remote sites.

BRIEF SUMMARY OF THE INVENTION

[0006] A computer-implemented method and system screens remote site connections according to a preferred embodiment of the present invention. A server receives, from a plurality of end-users, data based on a plurality of end-user assessments of particular remote sites. Each end-user is associated with a specific client machine which is in communication with the server. The server generates assessment scores based on the data. The server transmits the assessment scores to the client machines. Each specific client machine selectively takes protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server. One protective action may be implemented to prevent the specific client machine from connecting to the ones of the particular remote sites that have an undesirable assessment score generated by the server. Another protective action may be implemented to filter specific content or instructions received from the ones of the particular remote sites that have an undesirable assessment score generated by the server.

[0007] Each of a plurality of client machine users creates a first list of remote sites which the user trusts, and a second list of remote sites which the user does not trust. The first and second lists are received from each of the client machines and storing in a database. The first and second lists are aggregated and assessed to generate a community aggregate trust assessment. Each specific client machine selectively takes protective action against ones of the particular remote sites based on one or more of (i) the first list created by the specific client machine, (ii) the second list created by the specific client machine, and (iii) the community aggregate trust assessment.

[0008] A server receives from a plurality of end-users, data based on a plurality of end-user assessments of particular remote sites. Each end-user is associated with a specific client machine which is in communication with the server. For each particular remote site, the server generates assessment scores based on the number of the end-users who trust the particular remote site, and the number of the end-users who do not trust the particular remote site. The server transmits the assessment scores to the client machines. Each specific client machine selectively takes protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

[0009] The foregoing summary, as well as the following detailed description of preferred embodiments of the invention, will be better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings embodiments which are presently preferred. It should be understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown.

[0010] In the drawings:

[0011]FIG. 1 shows a block diagram of a Community Trust Assessment System 100 operating in accordance with the present invention;

[0012]FIG. 2 is a Trust Assessment Data flow chart used in conjunction with the system of FIG. 1; and

[0013]FIG. 3 is a Protective Action Process flow chart used in conjunction with the system of FIG. 1.

DETAILED DESCRIPTION OF THE INVENTION

[0014] The present invention uses a client software program, through which end-users may specify if they trust, do not trust, or have no trust assessment for a particular remote site.

[0015] The client software program uses the end-user's trust assessment to take a particular protective action pertaining to the remote site. The protective action may include denying connectivity to the remote site or blocking connectivity from the remote site to the client machine. Alternatively, protective actions may involve filtering certain content or instructions from the remote site, such as unsolicited emails from the remote site, or cookie information provided by the remote site to the client machine's browser with the intent of storing a temporary or persistent cookie file on the client machine.

[0016] From time to time, the client software program connects to a remote community trust server to inform the server of the end-user's trust preferences for each site for which the end-user has provided a trust assessment.

[0017] The community trust server stores the transmitted trust preferences from multiple end-users who in effect form a trust assessment community. The data is processed on the community trust server to generate trust assessment scores for all sites for which data is available. The data, including trust assessment scores, is transmitted back to the client software in a format that shares the community's preferences with the client software.

[0018] The end-user may configure the client software to take protective action based on the community's aggregate assessment of a particular site in addition to the end-user's own preferences. For instance, a particular protective action could be triggered if less than 10% of the community trusts the site, or over 50% have specified that they do not trust the site, even if the end-user has not yet specified a trust assessment for the remote site.

[0019] In this way, individuals can form a community trust assessment network and empower themselves with trust information provided by the aggregate assessment of the community's members, in addition to their own individual preferences.

[0020]FIG. 1 shows a block diagram of a Community Trust Assessment System 100 operating in accordance with the present invention. A Protective Action Engine 105, residing on a Client Machine 110 as a component of the Client Software, makes determination about protection actions to take for a particular remote site based on a Local Preferences and Rules object 115, a Personal Trustlist 120, a Personal Blacklist 125, and the Community Trust Score Table 130.

[0021] Examples of protective action include:

[0022] (1) Denying connectivity to remote site;

[0023] (2) Blocking connectivity from remote site; and

[0024] (3) Filtering specific content or instructions from the remote site, such as unsolicited emails from the remote site, or cookie information provided by the remote site to the browser of the Client Machine 110 with the intent of storing a temporary or persistent cookie file on the Client Machine 110.

[0025] For example, if the user has specified a particular remote site in the Personal Trustlist, no protective action would be taken. If the user has specified a particular remote site in the Personal Blacklist, one or more protective actions could be taken if the user has specified in the Local Preferences and Rules object 115 that such action should be taken.

[0026] If, in the Local Preferences and Rules object 115, the end-user has indicated that they wish to make use of the Community Trust Assessment in some way, the Protective Action Engine 105 will do this. For instance, the end-user may wish to take a certain protective action for remote sites that are rated suspicious by 50% or greater of the community's members. In another example, a certain protective action would be taken for remote sites where the ratio of trusting users to suspicious users of that remote site is below 100%.

[0027] The Personal Trustlist 120, stored on the Client Machine 110, is a list of remote sites the end-user has designated as trusted using the client software. The Protective Action Engine, 105 based on the Local Preferences and Rules object 115, will factor in the user's designation of a remote site as trusted when deciding what protective action should be taken, if any.

[0028] The Personal Blacklist 125, stored on the Client Machine 110, is a list of remote sites the end-user has designated as suspicious using the client software. The Protective Action Engine 105, based on the Local Preferences and Rules object 115, will factor in the user's designation of a remote site as suspicious when deciding what protective action should be taken, if any.

[0029] In the Local Preferences and Rules object 115, the end-user of the client software specifies how they want the Protective Action Engine 105 to operate, and if they wish the Trust Data Exchanger 135 to participate in the community. For instance, one rule might be to ignore the community trust data entirely. Another rule might be for all sites that are trusted by over 90% of the community, no protective action should be taken unless the user has assessed the site as suspicious, and thus the client software has included it in the Personal Blacklist 125.

[0030] The Community Trust Score Table 130 is a locally stored table of aggregate scores of the remote sites as determined by the Scoring Engine on the Community Trust Server and communicated to the Client Machine 110 using the server's and client's respective Trust Data Exchangers 135A, 135B.

[0031] The table includes a set of remote sites, and for each remote site includes information that the Protective Action Engine 105 on the Client Machine 110 can use to decide on which protective action, if any, should be taken based on the Local Preferences and Rules object 115. The information in the table could include fields such as: number of community members who trust the site, number of community members who have designated the site as suspicious, total number of community members, percentage of community members who find the site suspicious, percentage of community members who trust the site, and percentage ratio of trusting members to suspicious members for that particular remote site. Remote number of Number of Percentage percentage Percentage ratio Site trusting suspicious community of trusting members (Primary users users members community to suspicious Key) who are members members suspicious who trust

[0032] Since this table is stored on the Client Machine 110, it may be stored in list format (such as a character delimited list) as well as in relational database format.

[0033] The Trust Data Exchanger 135A on the Client Machine 110, if permitted by the end-user's choice as recorded in the Local Preferences and Rules object 115, transmits the Personal Trustlist 120 and Personal Blacklist 125 to the Community Trust Server 145 over a network 150. The Trust Data Exchanger 135A can also receive a Community Trust Score Table 130 from the Trust Data Exchanger 135B of the Community Trust Server 145. The data can be exchanged in the form of complete or incrementally changed data.

[0034] The Trust Data Exchanger 135B of the Community Trust Server 145 can receive over the network 150, from the Client Machine 110, the Personal Trustlist 120 and Personal Blacklist 125 for inclusion in the Trust Assessment Database 155. The Trust Data Exchanger 135B of the Community Trust Server 145 can also transmit data to the Client Machine 110 from the Site Scoring Database 160, which the Trust Data Exchanger 135B of the Community Trust Server 145 will store in the Community Trust Score Table object 130 on the Client Machine 110. The data can be exchanged in the form of complete or incrementally changed data.

[0035] The Scoring Engine 140 processes the data in the Trust Assessment Database 155 for inclusion in the Site Scoring Database 160. For instance, if there are five users in the Trust Assessment Database 155 that find a particular remote site suspicious, the entry in the Site Scoring Database 160 for a number of users that find a remote site suspicious would be listed as “5”. The Scoring Engine 140 calculates, using the Trust Assessment Database 155 (incrementally or all at once), the values for any fields included in the Site Scoring Database 160 for each remote site, such as: number of trusting users, number of suspicious users, percentage of community members who find the site suspicious, percentage of community members who trust the site, and percentage ratio of trusting members to suspicious members for that particular remote site.

[0036] The Site Scoring Database 160 includes, for each remote site, an entry for various community trust metrics, such as: number of trusting users, number of suspicious users, percentage of community members who find the site suspicious, percentage of community members who trust the site, and percentage ratio of trusting members to suspicious members for that particular remote site.

[0037] The table structure of the Site Scoring Database 160 is as follows: Remote number of Number of Percentage percentage Percentage ratio Site trusting suspicious community of trusting members (Primary users users members community to suspicious Key) who are members members suspicious who trust

[0038] The Trust Assessment Database 155 includes, for each member of the community, an entry for each remote site that the community member has assessed, the “trust status” of the site (trusted or suspicious), and the date and time of the entry.

[0039] The table structure of the Trust Assessment Database 155 is as follows: Community Member Remote Site Trust Status Date and Time ID (Primary Key part (Primary Key either {trusted, assessment 1) part 2) suspicious} received

[0040]FIG. 2 shows a Trust Assessment Data flow whereby a Client Machine 110 used by an end-user must decide whether or not to invoke particular countermeasures to protect from a certain remote site. In step 205, the user of Client Machine 110 may optionally create a Personal Trustlist 120. In step 210, the user of Client Machine 10 may optionally create a Personal Blacklist 210. In step 215, the Trust Data Exchanger 135A of the Client Machine 110 transmits trust assessments from the Personal Trustlist 120 and the Personal Blacklist 125 to the Trust Data Exchanger 135B in the Community Trust Server 145. In step 220, the Trust Data Exchanger 135B in the Community Trust Server 145 integrates trust assessments into the Trust Assessment Database 155. In step 225, the Scoring Engine 140 generates scores for the Site Scoring Database 160 from the Trust Assessment Database 155. In step 230, the Trust Data Exchanger 135B of the Community Trust Server 145 transmits Community Trust Assessment Data from the Site Scoring Database 160 to the Trust Data Exchanger 135B of the Client Machine 110 via network 150. In step 235, the Trust Data Exchanger 135A on the Client Machine 110 integrates Community Trust Data into the Community Trust Score Table 130.

[0041]FIG. 3 shows a Protective Action Process which demonstrates how individual trust assessments become part of the community and are transmitted back to individual users in aggregate.

[0042] The primary algorithm of the Community Trust Assessment System 100 is the Protective Action Algorithm, as depicted in FIG. 3. This algorithm allows the Client Machine 110 to benefit from the end-user's preferences and trust assessments as well as the trust assessment of the community when determining whether or not to take one or more protective actions.

[0043] The Protective Action Algorithm begins in step 305 when an event occurs that may require Protective Action countermeasure(s). For example, a remote site on the end-user's Blacklist, or despised by the community in general, may be attempting to place a cookie on the end-user's Client Machine 110, or may have already succeeded in doing so.

[0044] In step 310, the Protective Action Engine must determine the identity of the remote site, for example, by looking up the host name of the remote site based on its IP number. The Protective Action Engine may have already been informed of the identity of the remote site by the client program when the event was detected or triggered.

[0045] In step 315, the remote site is compared to the end-user's Personal Trustlist 120. If the remote site is in the Personal Trustlist 120, and hence a trusted site, no further action is taken.

[0046] In step 320, the remote site is compared to the end-user's Personal Blacklist. If the remote site is in the Blacklist, and hence a suspicious site, protective action is taken based on the end-user's Local Preferences and Rules object 115 (steps 340, 345). For instance, the end-user may have specified that for all remote sites in the Blacklist, all possible protective actions should be taken for events pertaining to the remote site. The protective actions could include cookie deletion, content filtering, and even the blocking of all network activity to and from the remote site from and to the Client Machine 110.

[0047] If the remote site is not in the Blacklist, the Local Preferences and Rules object is checked to see if the Community Trust Features are activated (step 325). If the features are not activated, no further protective action is taken (step 335).

[0048] If the Community Trust Features are activated, the end-user has stated that they wish to take protective actions based on the community's aggregate trust assessment as stored on the Client Machine 110 in the Community Trust Score Table (step 330).

[0049] In this case, based on the Local Preferences and Rules object 115, one or more protective action(s) may be taken. For instance, the end-user could specify that the Protective Action Engine 105 should block cookies from all sites that more than 25% of the community finds suspicious. The end-user may wish all network activity to be blocked to and from remote sites that more than 50% of the community finds suspicious.

[0050] The Protective Action Engine 105 takes protective action countermeasures against remote sites based on locally stored trust assessments specified by the end-user, combined with a community's aggregate trust assessment. In addition to the present invention, the software application provides further functionality to the user. This functionality includes the following:

[0051] (1) The ability for the user to download a Watchlist of potentially suspicious sites as designated by a central authority;

[0052] (2) The ability for the user to manually retrieve the latest privacy Watchlist from the server;

[0053] (3) The ability for the user to view client cookies;

[0054] (4) The ability for the user to select and manually delete cookies; and

[0055] (5) The ability for the user to enable/disable the Protective Action Engine.

[0056] The present invention is capable of running on any hardware configuration that is used as part of today's technology. In order to participate in the community trust system and interact with the Trust Data Exchanger 135B of the Community Trust Server 145, the Client Machine 110 must be able to connect to the Community Trust Server 145 over the network 150.

[0057] The present invention may be used with any computer operating system. However, in today's modem marketplace, Microsoft Windows is the most commonly used computer operating system. Therefore, although programming has not been completed for all operating systems, the application is currently available for use with the Microsoft Windows operating system in the following versions: Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, and Windows XP. The client software must have connectivity to the Internet to enable key features, such as participation in the community trust system.

[0058] The present invention may be implemented with any combination of hardware and software. If implemented as a computer-implemented apparatus, the present invention is implemented using means for performing all of the steps and functions described above.

[0059] The present invention may be implemented with any combination of hardware and software. The present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer useable media. The media has embodied therein, for instance, computer readable program code means for providing and facilitating the mechanisms of the present invention. The article of manufacture can be included as part of a computer system or sold separately.

[0060] It will be appreciated by those skilled in the art that changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention. 

I claim:
 1. A computer-implemented method of screening remote site connections, the method comprising: (a) receiving at a server from a plurality of end-users, data based on a plurality of end-user assessments of particular remote sites, each end-user being associated with a specific client machine which is in communication with the server; (b) the server generating assessment scores based on the data; (c) the server transmitting the assessment scores to the client machines; and (d) each specific client machine selectively taking protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server.
 2. The method of claim 1 wherein the protective action prevents the specific client machine from connecting to the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 3. The method of claim 1 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 4. A computer-implemented method of screening remote site connections, the method comprising: (a) each of a plurality of client machine users creating a first list of remote sites which the user trusts; (b) each of the plurality of client machine users creating a second list of remote sites which the user does not trust; (c) receiving from each of the client machines and storing in a database the first and second lists; (d) aggregating and assessing the first and second lists to generate a community aggregate trust assessment; and (e) each specific client machine selectively taking protective action against ones of the particular remote sites based on one or more of (i) the first list created by the specific client machine, (ii) the second list created by the specific client machine, and (iii) the community aggregate trust assessment.
 5. The method of claim 4 wherein the protective action prevents the specific client machine from connecting to the ones of the particular remote sites that are on the second list or have an undesirable aggregate trust assessment.
 6. The method of claim 4 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that are on the second list or have an undesirable aggregate trust assessment.
 7. A computer-implemented method of screening remote site connections, the method comprising: (a) receiving at a server from a plurality of end-users, data based on a plurality of end-user assessments of particular remote sites, each end-user being associated with a specific client machine which is in communication with the server; (b) for each particular remote site, the server generating assessment scores based on the number of the end-users who trust the particular remote site, and the number of the end-users who do not trust the particular remote site; (c) the server transmitting the assessment scores to the client machines; and (d) each specific client machine selectively taking protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server.
 8. The method of claim 7 wherein the protective action prevents the specific client machine from connecting to the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 9. The method of claim 7 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 10. A system for screening remote site connections, the system comprising: (a) a plurality of client machines; and (b) a server in communication with the client machines, the server receiving data based on a plurality of end-user assessments of particular remote sites, each end-user being associated with a specific one of the client machines, wherein: (i) the server generates assessment scores based on the data; (ii) the server transmits the assessment scores to the client machines; and (iii) each specific client machine selectively takes protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server.
 11. The system of claim 10 wherein the protective action prevents the specific client machine from connecting to the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 12. The system of claim 10 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 13. A system for screening remote site connections, the system comprising: (a) a plurality of client machines; and (b) a server in communication with the client machines, wherein: (i) the server receives from each specific client machine a first list of remote sites which a user of the specific client machine trusts and a second list of remote sites which the user does not trust; (ii) the server aggregates and assesses the first and second lists to generate a community aggregate trust assessment; and (iii) each specific client machine selectively takes protective action against ones of the particular remote sites based on one or more of (I) the first list created by the specific client machine, (II) the second list created by the specific client machine, and (III) the community aggregate trust assessment.
 14. The system of claim 13 wherein the protective action prevents each specific client machine from connecting to the ones of the particular remote sites that are on the second list or have an undesirable aggregate trust assessment.
 15. The system of claim 13 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that are on the second list or have an undesirable aggregate trust assessment.
 16. A system for screening remote site connections, the system comprising: (a) a plurality of client machines; and (b) a server in communication with the client machines, the server receiving data based on a plurality of end-user assessments of particular remote sites, each end-user being associated with a specific one of the client machines, wherein: (i) the server generates assessment scores based on the number of the end-users who trust the particular remote site, and the number of the end-users who do not trust the particular remote site; (ii) the server transmits the assessment scores to the client machines; and (iii) each specific client machine selectively takes protective action against ones of the particular remote sites that have an undesirable assessment score generated by the server.
 17. The system of claim 16 wherein the protective action prevents the specific client machine from connecting to the ones of the particular remote sites that have an undesirable assessment score generated by the server.
 18. The system of claim 16 wherein the protective action filters specific content or instructions received from the ones of the particular remote sites that have an undesirable assessment score generated by the server. 